Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/AsZ4lIlUC0d5mfRed_ShT3RnpBQ.roa
File:                     AsZ4lIlUC0d5mfRed_ShT3RnpBQ.roa (raw, json)
Hash identifier:          W7NsqtDHS3yDz7/Se2vS6CdoOqQMP8fqf009dcbuclU=
Subject key identifier:   02:C6:78:94:89:54:0B:47:79:99:F4:5E:77:F4:A1:4F:74:67:A4:14
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       019850A592E11F86BC8D8093910633FE909D
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/AsZ4lIlUC0d5mfRed_ShT3RnpBQ.roa
Signing time:             Mon 28 Jul 2025 10:48:05 +0000
ROA not before:           Mon 28 Jul 2025 10:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199152
IP address blocks:        2a11:68c5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:50:a5:92:e1:1f:86:bc:8d:80:93:91:06:33:fe:90:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Jul 28 10:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02c6789489540b477999f45e77f4a14f7467a414
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c9:b7:46:9e:16:ea:5d:d8:e2:7f:34:fa:2e:
                    e0:bc:5b:fe:a4:65:e2:ea:ae:e2:f0:45:cb:e0:b4:
                    51:30:6f:9e:75:0f:c7:87:39:5c:a2:b8:f6:c8:ce:
                    69:85:3a:5c:a1:e0:ac:30:1c:c0:9b:eb:6c:62:cc:
                    25:97:5b:8c:0d:a0:67:07:38:0e:ef:b9:c5:dc:bd:
                    fe:f3:00:3f:d4:f7:99:86:57:08:a8:fb:8c:05:be:
                    e0:18:ea:8c:31:15:1e:4a:90:1c:76:d2:01:d8:5a:
                    f1:41:ff:20:99:c3:50:54:c7:f8:50:0b:b4:7b:bf:
                    3b:a6:d0:3c:87:2d:91:3d:be:f7:cf:ab:3d:82:80:
                    f5:6a:02:84:23:25:9c:e1:86:23:13:53:75:79:60:
                    c9:f7:45:5d:60:ed:a6:45:1d:b1:11:25:6a:0a:9b:
                    12:ee:34:76:6f:48:57:37:54:f5:ba:3e:99:43:bd:
                    09:b1:e2:4e:d6:f2:a6:2c:66:d8:13:d8:00:06:3c:
                    5b:52:79:96:81:28:db:45:78:16:54:5f:9a:8a:ee:
                    c5:a3:60:57:4c:f7:c5:cc:bf:28:97:3b:dc:41:f8:
                    83:38:37:70:72:9a:4a:d2:8e:5d:e8:38:50:18:a3:
                    e5:5e:13:df:f7:23:ea:26:15:c2:9c:00:b6:b6:d2:
                    56:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:C6:78:94:89:54:0B:47:79:99:F4:5E:77:F4:A1:4F:74:67:A4:14
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/AsZ4lIlUC0d5mfRed_ShT3RnpBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:68c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         18:91:00:b7:2e:eb:96:1d:90:af:f8:ed:71:f8:51:7d:c8:7b:
         8e:d3:e2:e0:fb:18:fe:0a:f2:5b:5d:bc:f0:dd:05:cb:52:cd:
         6d:eb:42:32:a9:88:b7:72:eb:e7:05:f9:31:b4:fb:60:99:5c:
         7c:74:1d:31:4a:c4:df:66:fa:9f:f5:50:dc:70:04:c4:1d:c6:
         35:a1:a2:78:d0:5f:f1:97:06:c6:9e:e8:31:ca:9c:2d:4d:37:
         36:72:ed:80:0a:00:cb:e2:90:98:16:4c:77:52:2a:0b:94:ef:
         fb:8f:4e:d0:32:3f:eb:77:61:9d:b0:7a:fc:07:c1:8f:a2:6a:
         f3:fa:67:5f:2e:53:c1:29:09:ea:ea:3a:ed:22:a1:ec:28:bf:
         0d:6d:0b:8f:f6:3c:a3:07:ed:f5:0e:0f:12:b1:0f:20:de:db:
         16:95:0e:0e:c4:78:c8:ad:2a:e8:f1:90:a0:ea:f7:64:25:4f:
         a7:0f:f7:29:09:b3:c3:c1:51:bd:67:63:1c:39:3d:73:5e:32:
         32:81:75:d1:f0:be:56:82:10:60:e0:d1:67:85:6a:6c:05:8c:
         ca:81:9d:1c:c4:20:b1:dd:04:3b:9e:d3:5a:ef:19:f9:f9:f6:
         a2:2b:32:25:e0:32:6f:b1:e5:05:96:06:49:ab:97:ac:08:6e:
         3a:7b:0a:e4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZhQpZLhH4a8jYCTkQYz/pCdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUwNzI4MTA0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmM2Nzg5NDg5NTQwYjQ3Nzk5OWY0NWU3N2Y0YTE0Zjc0NjdhNDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8m3Rp4W6l3Y4n80+i7gvFv+pGXi
6q7i8EXL4LRRMG+edQ/Hhzlcorj2yM5phTpcoeCsMBzAm+tsYswll1uMDaBnBzgO
77nF3L3+8wA/1PeZhlcIqPuMBb7gGOqMMRUeSpAcdtIB2FrxQf8gmcNQVMf4UAu0
e787ptA8hy2RPb73z6s9goD1agKEIyWc4YYjE1N1eWDJ90VdYO2mRR2xESVqCpsS
7jR2b0hXN1T1uj6ZQ70JseJO1vKmLGbYE9gABjxbUnmWgSjbRXgWVF+aiu7Fo2BX
TPfFzL8olzvcQfiDODdwcppK0o5d6DhQGKPlXhPf9yPqJhXCnAC2ttJWKwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFALGeJSJVAtHeZn0Xnf0oU90Z6QUMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvQXNaNGxJbFVDMGQ1bWZSZWRfU2hUM1JucEJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhFoxTAN
BgkqhkiG9w0BAQsFAAOCAQEAGJEAty7rlh2Qr/jtcfhRfch7jtPi4PsY/gryW128
8N0Fy1LNbetCMqmIt3Lr5wX5MbT7YJlcfHQdMUrE32b6n/VQ3HAExB3GNaGieNBf
8ZcGxp7oMcqcLU03NnLtgAoAy+KQmBZMd1IqC5Tv+49O0DI/63dhnbB6/AfBj6Jq
8/pnXy5TwSkJ6uo67SKh7Ci/DW0Lj/Y8owft9Q4PErEPIN7bFpUODsR4yK0q6PGQ
oOr3ZCVPpw/3KQmzw8FRvWdjHDk9c14yMoF10fC+VoIQYODRZ4VqbAWMyoGdHMQg
sd0EO57TWu8Z+fn2oisyJeAyb7HlBZYGSauXrAhuOnsK5A==
-----END CERTIFICATE-----